General
Target: PO.exe
Size: 1.3MB
Sample: 230725-mwpnbacb69
MD5: 456b73d6317cb5a57fe14e89f9b96408
SHA1: 149cc1cd047994354c0188e8e3ed8369376a8efe
SHA256: f0de5714ce83c1b278f1426a198450e9ee1a94fdaefd77d502ec9c010cc43450
SHA512: 93893d0b766c39fe7da8dd6cd5f0c2b4e3afac8f29d4b37299bb8efa04e36ef1c5b1aaad7d81e10166bcb8fdd7d485c8944abba99993d0a5be1ce979fc0d3a31
SSDEEP: 24576:ranliXrYoAUdjb+CWzRPs71onMd5RhxnxhMHwMdo:elarYJUdvjiJlMdTD3MQ
Static task: static1
Behavioral task: behavioral1
Sample: PO.exe
Resource: win7-20230712-en

Malware Config
Extracted: darkcloud
- email_from
- email_to
Targets
Target: PO.exe
Size: 1.3MB
MD5: 456b73d6317cb5a57fe14e89f9b96408
SHA1: 149cc1cd047994354c0188e8e3ed8369376a8efe
SHA256: f0de5714ce83c1b278f1426a198450e9ee1a94fdaefd77d502ec9c010cc43450
SHA512: 93893d0b766c39fe7da8dd6cd5f0c2b4e3afac8f29d4b37299bb8efa04e36ef1c5b1aaad7d81e10166bcb8fdd7d485c8944abba99993d0a5be1ce979fc0d3a31
SSDEEP: 24576:ranliXrYoAUdjb+CWzRPs71onMd5RhxnxhMHwMdo:elarYJUdvjiJlMdTD3MQ
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext